|Received:||8/2/2007 2:12:19 PM|
|State:||Outside the United States|
|Agency:||Federal Trade Commission|
|Rule:||Private Sector Use of SSNs|
Comments:SSN (or alternate similar identification numbers like the EIN are just that: a number identifying somebody. All uses of it to authenticate are the base of the problem. The best approach is to ban al use of SSNs as authentication means by *publishing the entire list on a certain date, forcing all other users to switch to a better system than a number that cannot be changed, that gets accidentially disclosed all the time etc. To support businesses: build a real authentication scheme where you e.g. issue smartcards containing private/public keypairs such as the E-ID project in Belgium.